README.md
1# AuthMgr
2
3The AuthMgr protocol authenticates and authorizes clients before they can
4access trusted HALs, AIDL-defined services in trusted execution environments.
5Version 1 was designed to allow applications running in a protected virtual
6machine (pVM) to access services running in a TEE in ARM TrustZone. An
7implementation of `IAuthMgrAuthorization` is referred to as an AuthMgr Backend.
8An implementation of a client of the AuthMgr Backend is referred to as an
9AuthMgr Frontend.
10
11
12## Additional Requirements by Android Version
13
14The comments on `IAuthMgrAuthorization` describe the requirements for implementing
15an AuthMgr Backend (implementor of the interface) itself. There are some additional
16requirements that are specific to Android release versions.
17
18### Android 16
19- If implementing `IAuthMgrAuthorization` in Android 16 only one AuthMgr Backend is
20supported and dynamic service discovery is not supported. The AuthMgr Backend
21service must be exposed on secure partition ID 0x8001 over VSOCK port 1.
22
23- AuthMgr Front Ends must implement the "android.16" profile as described in the
24[Android Profile for DICE](https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md#versions)